Yes, Cisco IOS-XR has had quite a few CVEs... https://www.cvedetails.com/vulnerability-list/vendor_id-16/product_id-5654/Cisco-Ios-Xr.html . Or did you mean something else ?
Long time ago now (14 years) in the realm of things, My team was involved with all the network processes, some of my colleagues were involved with the security processes hence my mention of it. Funny how this was mentioned in regard to "our guys" concerned about a Chinese company having access to our data all those years ago. Roll on a few years and it became a big issue...